0xsh3llf1r3 / ColdWer
Cobalt Strike BOF to freeze EDR/AV processes and dump LSASS using WerFaultSecure.exe PPL bypass
☆102 Jan 29, 2026 Updated 2 weeks ago
Alternatives and similar repositories for ColdWer
Users that are interested in ColdWer are comparing it to the libraries listed below
- Using Just In Time (JIT) instruction decryption, this shellcode loader ensures that only the currently executing instruction is visible i… ☆63 Apr 2, 2025 Updated 10 months ago
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel. ☆38 Aug 5, 2025 Updated 6 months ago
- ☆18 Sep 1, 2025 Updated 5 months ago
- ☆40 Dec 24, 2025 Updated last month
- query specific user and login IP from remote machine ☆18 Nov 19, 2022 Updated 3 years ago
- A C Implementation for using a new method to invoke undetectable indirect syscalls ☆20 Dec 2, 2025 Updated 2 months ago
- ☆18 Aug 8, 2024 Updated last year
- Cobalt Strike UDC2 implementation that provides a Slack C2 channel ☆60 Jan 5, 2026 Updated last month
- A bunch of shenanigans using functions, VEH and more ☆37 Jun 8, 2025 Updated 8 months ago
- Cobalt Strike BOF for beacon/shellcode injection using fork & run technique with Draugr synthetic stack frames ☆150 Nov 23, 2025 Updated 2 months ago
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll ☆135 Apr 18, 2025 Updated 9 months ago
- A proof-of-concept to demonstrate randomized execution paths and their impact on call stack signatures — ideal for EDR testing, behavior-… ☆23 Jan 17, 2026 Updated 3 weeks ago
- Robust Cobalt Strike shellcode loader with multiple advanced evasion features ☆199 Apr 21, 2025 Updated 9 months ago
- CVE-2024-40711-exp ☆42 Oct 17, 2024 Updated last year
- adws enumeration bof ☆162 Oct 2, 2025 Updated 4 months ago
- Retrieve Chrome browser records ☆43 Sep 6, 2025 Updated 5 months ago
- Cobaltstrike Reflective Loader with Synthetic Stackframe ☆183 Jan 17, 2026 Updated 3 weeks ago
- A method of bypassing EDR's active projection DLL's by preventing entry point execution ☆24 May 10, 2021 Updated 4 years ago
- A Crystal Palace shared library to resolve & perform syscalls ☆56 Oct 29, 2025 Updated 3 months ago
- Advanced shellcode injector for images supports BMP, GIF, EXIF (JPEG), and LSB (PNG) techniques. Includes XOR encoding, offset indexing, … ☆24 Jun 11, 2025 Updated 8 months ago
- WinRemoteEnum is a module-based collection of operations achievable by a low-privileged domain user. ☆13 Oct 24, 2022 Updated 3 years ago
- Safe Harbor is a BOF that streamlines process reconnaissance for red team operations by identifying trusted, low-noise targets to maintai… ☆75 Oct 27, 2025 Updated 3 months ago
- User-Defined C2 BOF Template ☆27 Nov 24, 2025 Updated 2 months ago
- A BOF to create a scheduled task using a COM object. ☆16 Dec 3, 2024 Updated last year
- An example of how a driver can register a handle creation callback. ☆16 Jun 12, 2023 Updated 2 years ago
- Evasion kit for Cobalt Strike ☆30 Jan 16, 2026 Updated last month
- ☆20 Sep 6, 2025 Updated 5 months ago
- Impacket with --remove-mic-partial ☆28 Jan 8, 2026 Updated last month
- Beacon Object File (BOF) port of DumpGuard for extracting NTLMv1 hashes from sessions on modern Windows systems. ☆207 Jan 6, 2026 Updated last month
- Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects ☆135 Apr 6, 2025 Updated 10 months ago
- Payload Generation Workflow ☆40 Jul 18, 2025 Updated 6 months ago
- CVE-2019-1040 with Kerberos delegation ☆33 Jun 18, 2021 Updated 4 years ago
- A tool to play with scheduled tasks on Windows, in Rust ☆121 Nov 1, 2025 Updated 3 months ago
- Monitoring tool to detect patterns or IOCs (strings, regex, VirusTotal) and alert you and your team via console, Telegram or SMS written … ☆18 Dec 1, 2025 Updated 2 months ago
- A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing. ☆57 Apr 14, 2025 Updated 10 months ago
- .NET Assembly that creates network shares, sets ACE entries for directories, sets share perms, and deletes shares. Learning project for C# ☆10 Oct 14, 2024 Updated last year
- Zero dependency browser extension for handling import of cookies, Microsoft 365 OAuth tokens, and Graph API interactions. ☆22 Dec 31, 2025 Updated last month
- A stager and implant that executes remote Web Assembly ☆33 Feb 4, 2026 Updated last week
- CVE-2025-59501 POC code ☆25 Nov 20, 2025 Updated 2 months ago